Making security a priority in mobile enterprise environments

Grace Macej 16 Mar 2016

Avast CEO Vince Steckler discusses how mobile activity influences the security of employees and employers alike at CeBIT 2016.

Today at CeBIT 2016, Avast CEO Vince Steckler delivered a keynote speech focusing on the security risks in mobile enterprise environments.

In his presentation, he discussed how mobile activity influences both employees and employers alike. Let’s take a closer look into the speech:

Vince opened his keynote by stating that the two biggest risks in the mobile enterprise are users of mobile devices and the mobile devices themselves. This is largely due to the following factors:

  • Employees pull business information from the company servers to Google Drive, Dropbox and other Cloud services.

    Employees install personal apps on their business phones. Top apps such as WhatsApp, Facebook, Snapchat, Instagram and some gaming apps request, on average, access to 9 different permissions. In an audience poll, Vince found that nearly 60% of the audience at CeBIT use WhatsApp to communicate with personal contacts on their company phones.

    People lose their phone containing company information. Due to permission-hungry apps, lost phones contain company information more often than you might think. “Lots of apps can be designed simply to steal information,” said Vince Steckler. If an app has access to contacts and calendar, it can also access corporate information.

    An employee may sell their personal phone without deleting confidential company data – and the factory reset function does not always work. This continues to become a larger issue as more and more companies choose to adopt BYOD policies.

    People often connect to open Wi-Fi without using a VPN. Avast conducted a Wi-Fi experiment the weekend before MWC in Barcelona that fooled thousands of attendees. They connected to one of Avast’s bogus Wi-Fi hotspots, risking being spied on and hacked by cybercriminals.

    What can businesses do to secure their sensitive data on mobile?

  • Use access policies to define acceptable use: Define which apps can be used by whom and where, which data can be accessed and how (using dual authentication, network/carrier fencing, jailbreak detection, etc.).
  • Understand the apps you deploy: What sites and/or content do the apps access? Is all of the traffic encrypted? Are the apps’ permissions consistent with their missions?

  • Beware of man-in-the-middle (MITM) attacks: MITM attacks continue to be a risk on mobile devices. Even the latest chip-and-pin credit cards have been hacked this way. A reliable practice is Certificate Pinning, which asks the user to confirm the certificate the first time they connect to a new service. This reduces the attack surface when first accessing and prevents MITM attacks afterwards.

  • Beware of “free” Wi-Fi: Require employees to use encrypted tunnels (e.g. VPNs) and avoid HTTP for your external-facing services – use HTTPS instead. Additionally, use tools that require employees to access through specific SSIDs or mobile networks.

  • Use strong authentication.

  •  

Keep corporate data off the device: This minimizes the attack surface of the service. You can localize data, but outsource the computer to a public cloud, creating a hybrid cloud infrastructure.

Safeguarding business with Avast Virtual Mobile Platform

Avast Virtual Mobile Platform lets businesses create a virtual mobile infrastructure (VMI) that streams standard mobile apps to any device. Since apps run on corporate servers, your data can’t be lost or stolen - even if your device is.

Avast Virtual Mobile Platform stands out from an old-fashioned mobile device management system since our solution doesn’t leave a data-footprint on the end device. Not even session IDs are cached beyond the active session timeout interval. Thus, cybercriminals cannot get a stolen, lost or de-provisioned device and extract information to access our service.

Visit our website for more information about Avast Virtual Mobile Platform.

 Watch Vince's full keynote speech at CeBIT on YouTube:

--> -->